Securing Real-Time Internet-of-Things

Modern embedded and cyber-physical systems are ubiquitous. A large number of critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality requires real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However RT- IoT are also increasingly becoming targets for cyber-attacks which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT- IoT frameworks

Protecting Actuators in Safety-Critical IoT Systems from Control Spoofing Attacks

In this paper, we propose a framework called Contego-TEE to secure Internet-of-Things (IoT) edge devices with timing requirements from control spoofing attacks where an adversary sends malicious control signals to the actuators. We use a trusted computing base available in commodity processors (such as ARM TrustZone) and propose an invariant checking mechanism to ensure the security and safety of the physical system. A working prototype of Contego-TEE was developed using embedded Linux kernel. We demonstrate the feasibility of our approach for a robotic vehicle running on an ARM-based platform.Comment: 2nd Workshop on the Internet of Things Security and Privacy - Iot S&P'19, November 15, 2019, London, United Kingdom. ACM ISBN: 978-1-4503-6838-4/19/1

Novel Night and Day Control of PV Solar Farm as STATCOM (PV-STATCOM) for Critical Induction Motor Stabilization and FIDVR Alleviation

Induction motors are globally used in several critical operations such as petrochemicals, mining, process control, etc., where their shutdown during faults causes significant financial loss. System faults can also lead to Fault Induced Delayed Voltage Recovery (FIDVR) causing service disruptions. Dynamic reactive power compensators such as SVC and STATCOM are conventionally employed to mitigate these issues, however, these are very expensive. PV solar plants are growing at unprecedented rate globally and are likely to be installed near such critical motors. This thesis presents several novel applications of a patented technology of utilizing PV solar plants, both during night and day, as STATCOM, termed PV-STATCOM, for mitigating above issues at about 50 times lower cost than equivalent-size STATCOMs. A reactive power modulation based PV-STATCOM control is developed to stabilize remotely located motor both during night and day in a realistic distribution feeder, even when reactive power support according to the pioneering German Grid code fails. This control was field demonstrated for first time in Canada (and perhaps in world) on the 10 kW PV solar system in the utility network of Bluewater Power, Sarnia, Ontario. Another novel control strategy based on active and reactive power modulation of PV-STATCOM is developed. MATLAB/PSCAD simulation studies show that the proposed control can stabilize remotely located motor much faster and with reduced real power curtailment than conventional strategies. A new real and reactive power control of PV-STATCOM is proposed to alleviate FIDVR. Electromagnetic Transients simulation studies on a realistic transmission network show that the proposed control on a 100 km remote solar farm can alleviate FIDVR and stabilize a cluster of motors for wide range of system parameters and operating conditions. PV-STATCOM can alleviate the need of local STATCOM for achieving the same objective. Comprehensive sensitivity and stability analysis of single and two distribution level PV-STATCOMs are performed with: i) equivalent and detailed PV-STATCOM model, and ii) PV-STATCOM control implemented at plant level and inverter level. The impact of modeling details, controller location and system parameters on controller interaction, are investigated

A Novel Side-Channel in Real-Time Schedulers

We demonstrate the presence of a novel scheduler side-channel in preemptive, fixed-priority real-time systems (RTS); examples of such systems can be found in automotive systems, avionic systems, power plants and industrial control systems among others. This side-channel can leak important timing information such as the future arrival times of real-time tasks.This information can then be used to launch devastating attacks, two of which are demonstrated here (on real hardware platforms). Note that it is not easy to capture this timing information due to runtime variations in the schedules, the presence of multiple other tasks in the system and the typical constraints (e.g., deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to effectively exploit this side-channel. A complete implementation is presented on real operating systems (in Real-time Linux and FreeRTOS). Timing information leaked by ScheduLeak can significantly aid other, more advanced, attacks in better accomplishing their goals